We are pleased to announce that Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Identity now support data residency in Australia and are available for public preview. This announcement demonstrates our commitment to providing customers with the highest levels of security and compliance by offering services that are aligned to local data sovereignty requirements. Customers can now confidently onboard to Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Identity in Australia, knowing that their data at rest will remain within Australian boundaries. This ensures that Australian customers can meet their regulatory obligations and maintain control over their data, while benefiting from the advanced threat detection and response capabilities of Microsoft Defender for Endpoint, Microsoft 365 Defender and Microsoft Defender for Identity. We are excited to share this new addition and look forward to your feedback.
How to configure Microsoft Defender data to be hosted in Australia
Start by determining where the existing Microsoft 365 Defender portal is located.
In the portal, go to Settings -> Microsoft 365 Defender -> Account and see where the service is storing your data at rest.
For example: in the image below, the service location for this tenant is Europe.
If the service is storing your data in Australia, you are done! However, if it is in one of the traditional service locations of US/UK/EU, then a tenant reset/shift needs to be requested via Customer Service and Support (CSS) - see below for further details.
For the tenant reset, you will need to contact CSS where they will walk you through the process.
IMPORTANT – the tenant reset process is destructive. All existing data for Microsoft Defender for Endpoint and Microsoft 365 Defender in your current tenant will be deleted; for example, alerts, incidents, settings and configurations.
Prior to requesting the tenant reset:
Remove any existing integrations with products and services that have been enabled on the tenant (e.g., Intune).
Save the off-boarding scripts.
Request the tenant reset/shift via CSS.
When the reset process is completed, check the new location of Microsoft 365 Defender; The service will be storing your data at rest in Australia.
Devices can now be onboarded to the new tenant and those removed integrations can be restored. As noted below, re-onboarding is the best option for Windows devices – just use the onboarding script from the portal and run over the top of any device previously onboarded to old tenant. No need to off-board first.
For the onboarded devices the table below describes the action(s) needed for each OS Platform:
Windows 10/11 , Windows Server Server 2019 and later, Windows Server 2008R2/2012R2/2016 with the Unified Agent
Use Re-Onboarding from new Portal* or Offboard and Onboard
Reinstall and onboard with the new onboarding script.
MMA based - Windows Server 2008R2/2012R2/2016 , Windows 7/8.1 (Defender for Endpoint workspace)
Replace the workspace configuration with the one from the new portal
MMA based - Windows Server 2008R2/2012R2/2016 (Defender for Cloud workspace)
No action is needed. Defender for Cloud will automatically push the data to the new OrgId.
*This option is possible since the new onboarding script will contain a "PreviousOrg" field with the value of the OrgId before the reset.
Important: A restart is required for the changes to take effect.